Multiple Agents (browser) from same IP in 2 minutes

Discussion in 'Security' started by Claudek, Dec 28, 2006.

0
  1. #1
    Hello,

    Going through one of website logs, I noticed over 100 visits from 1 IP which had a multitude of Browser Agents. I am not sure what to make of this - whether it is a test of some sort or a probe of sorts to see what output is given depending on Agent.

    The details are as below:
    IP Address: 66.150.225.119
    Time Period: Date: Dec 28 07:19:49 - Dec 28 07:21:11


    Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)
    Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt; MRA 4.0 (build 00768))
    Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; http://www.tropicdesigns.net)
    Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1)
    Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
    Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; MyIE2; MRA 4.4 (build 01348))
    Agent: Mozilla/5.0 (compatible; Googlebot/2.1;+http://www.google.com/bot.html)
    Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Maxthon)
    Agent: Mozilla/5.0 (Windows NT 5.1; U) Opera 7.54 [ru]
    Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
    Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.50

    I may have missed a couple of agents but the general idea can be seen.

    Any ideas on this would be appreciated. Last thing I need now is that site having issues.
     
    Claudek, Dec 28, 2006 IP
  2. LinkBliss

    LinkBliss Peon

    Messages:
    697
    Likes Received:
    15
    Best Answers:
    0
    Trophy Points:
    0
    #2
    I was going to mention that it's not odd, someone can open a site in IE and then decide to switch to using Firefox or vice versa, but that's a lot of clients!

    I would guess that it's a rendering test, perhaps they are snagging snapshots with each browser (or simulated browser?) to compare.

    Eric
     
    LinkBliss, Dec 28, 2006 IP
  3. lkj

    lkj Peon

    Messages:
    729
    Likes Received:
    17
    Best Answers:
    0
    Trophy Points:
    0
    #3
    Could be a proxy daemon running on the server.......
     
    lkj, Jan 16, 2007 IP
  4. Qryztufre

    Qryztufre Prominent Member

    Messages:
    6,071
    Likes Received:
    491
    Best Answers:
    0
    Trophy Points:
    300
    #4
    The same thing just happened to my site, and one of the user agents claimed to be a googlebot.

    I'd assume it was some type of spammer. I've banned the IP address.

    66.150.225.119

    It came along with a few other numbers, as well... but *shrug*
    Q


    EDIT: I'm looking over my logs, and all of the IP's that hit my site all tried to log in at least once... there may be a connection *shrug*
     
    Qryztufre, Jan 26, 2007 IP